CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38427 – video: screen_info: Relocate framebuffers behind PCI bridges
https://notcve.org/view.php?id=CVE-2025-38427
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: video: screen_info: Relocate framebuffers behind PCI bridges Apply PCI host-bridge window offsets to screen_info framebuffers. Fixes invalid access to I/O memory. Resources behind a PCI host bridge can be relocated by a certain offset in the kernel's CPU address range used for I/O. The framebuffer memory range stored in screen_info refers to the CPU addresses as seen during boot (where the offset is 0). During boot up, firmware may assign a... • https://git.kernel.org/stable/c/a168da3182f8727b338509cb413147aa29012d6f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38426 – drm/amdgpu: Add basic validation for RAS header
https://notcve.org/view.php?id=CVE-2025-38426
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields. • https://git.kernel.org/stable/c/b52f52bc5ba9feb026c0be600f8ac584fd12d187 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38425 – i2c: tegra: check msg length in SMBUS block read
https://notcve.org/view.php?id=CVE-2025-38425
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes. • https://git.kernel.org/stable/c/c39d1a9ae4ad66afcecab124d7789722bfe909fa •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38424 – perf: Fix sample vs do_exit()
https://notcve.org/view.php?id=CVE-2025-38424
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user stack sample while in exit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address space it is trying to access. It turns out that we stop perf after we tear down the userspace mm; a receipie for disaster... • https://git.kernel.org/stable/c/c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38423 – ASoC: codecs: wcd9375: Fix double free of regulator supplies
https://notcve.org/view.php?id=CVE-2025-38423
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies Driver gets regulator supplies in probe path with devm_regulator_bulk_get(), so should not call regulator_bulk_free() in error and remove paths to avoid double free. In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix... • https://git.kernel.org/stable/c/216d04139a6d0ecaea9432178225b29d367da886 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38422 – net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
https://notcve.org/view.php?id=CVE-2025-38422
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on device. Also prevent out-of-bound read/write. • https://git.kernel.org/stable/c/6b4201d74d0a49af2123abf2c9d142e59566714b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38421 – platform/x86/amd: pmf: Use device managed allocations
https://notcve.org/view.php?id=CVE-2025-38421
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev->buf was freed but never set to NULL and is again freed in amd_pmf_remove(). To avoid subtle allocation bugs in failures leading to a double free change all allocations into device managed allocations. • https://git.kernel.org/stable/c/5b1122fc4995f308b21d7cfc64ef9880ac834d20 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38420 – wifi: carl9170: do not ping device which has failed to load firmware
https://notcve.org/view.php?id=CVE-2025-38420
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] ht... • https://git.kernel.org/stable/c/e4a668c59080f862af3ecc28b359533027cbe434 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38419 – remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
https://notcve.org/view.php?id=CVE-2025-38419
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() When rproc->state = RPROC_DETACHED and rproc_attach() is used to attach to the remote processor, if rproc_handle_resources() returns a failure, the resources allocated by imx_rproc_prepare() should be released, otherwise the following memory leak will occur. Since almost the same thing is done in imx_rproc_prepare() and rproc_resource_cleanup(... • https://git.kernel.org/stable/c/10a3d4079eaea06472f1981152e2840e7232ffa9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38418 – remoteproc: core: Release rproc->clean_table after rproc_attach() fails
https://notcve.org/view.php?id=CVE-2025-38418
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Release rproc->clean_table after rproc_attach() fails When rproc->state = RPROC_DETACHED is attached to remote processor through rproc_attach(), if rproc_handle_resources() returns failure, then the clean table should be released, otherwise the following memory leak will occur. unreferenced object 0xffff000086a99800 (size 1024): comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s) hex dump (first 32 bytes): 00 0... • https://git.kernel.org/stable/c/9dc9507f1880fb6225e3e058cb5219b152cbf198 •